Generating Fake Cyber Threat Intelligence Using Transformer-Based Models
| dc.contributor.author | Ranade, Priyanka | |
| dc.contributor.author | Piplai, Aritran | |
| dc.contributor.author | Mittal, Sudip | |
| dc.contributor.author | Joshi, Anupam | |
| dc.contributor.author | Finin, Tim | |
| dc.date.accessioned | 2021-03-16T17:10:32Z | |
| dc.date.available | 2021-03-16T17:10:32Z | |
| dc.description | 2021 International Joint Conference on Neural Networks (IJCNN), 18-22 July 2021, Shenzhen, China | |
| dc.description.abstract | Cyber-defense systems are being developed to automatically ingest Cyber Threat Intelligence (CTI) that contains semi-structured data and/or text to populate knowledge graphs. A potential risk is that fake CTI can be generated and spread through Open-Source Intelligence (OSINT) communities or on the Web to effect a data poisoning attack on these systems. Adversaries can use fake CTI examples as training input to subvert cyber defense systems, forcing the model to learn incorrect inputs to serve their malicious needs. In this paper, we automatically generate fake CTI text descriptions using transformers. We show that given an initial prompt sentence, a public language model like GPT-2 with fine-tuning, can generate plausible CTI text with the ability of corrupting cyber-defense systems. We utilize the generated fake CTI text to perform a data poisoning attack on a Cybersecurity Knowledge Graph (CKG) and a cybersecurity corpus. The poisoning attack introduced adverse impacts such as returning incorrect reasoning outputs, representation poisoning, and corruption of other dependent AI-based cyber defense systems. We evaluate with traditional approaches and conduct a human evaluation study with cybersecurity professionals and threat hunters. Based on the study, professional threat hunters were equally likely to consider our fake generated CTI as true. | en_US |
| dc.description.sponsorship | This work was supported by a U.S. Department of Defense grant, a gift from IBM research, and National Science Foundation grant #2025685. We would like to thank various cybersecurity professionals and threat hunters at US defense contractors that took part in our human evaluation study | en_US |
| dc.description.uri | https://ieeexplore.ieee.org/document/9534192 | en_US |
| dc.format.extent | 8 pages | en_US |
| dc.genre | conference papers and proceedings | en_US |
| dc.genre | preprints | |
| dc.identifier | doi:10.13016/m2ound-iofz | |
| dc.identifier.citation | P. Ranade, A. Piplai, S. Mittal, A. Joshi and T. Finin, "Generating Fake Cyber Threat Intelligence Using Transformer-Based Models," 2021 International Joint Conference on Neural Networks (IJCNN), 2021, pp. 1-9, doi: 10.1109/IJCNN52387.2021.9534192. | en_US |
| dc.identifier.uri | http://hdl.handle.net/11603/21188 | |
| dc.identifier.uri | https://doi.org/10.1109/IJCNN52387.2021.9534192 | |
| dc.language.iso | en_US | en_US |
| dc.publisher | IEEE | |
| dc.relation.isAvailableAt | The University of Maryland, Baltimore County (UMBC) | |
| dc.relation.ispartof | UMBC Computer Science and Electrical Engineering Department Collection | |
| dc.relation.ispartof | UMBC Faculty Collection | |
| dc.relation.ispartof | UMBC Student Collection | |
| dc.rights | © 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. | * |
| dc.subject | UMBC Ebiquity Research Group | |
| dc.title | Generating Fake Cyber Threat Intelligence Using Transformer-Based Models | en_US |
| dc.type | Text | en_US |